Known Vulnerabilities
CVE-2020-6290
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.
MEDIUM
CVSS 4.2
Published Jul 14, 2020
CVE-2020-6289
SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick a user into browsing a malicious site.
MEDIUM
CVSS 4.3
Published Jul 14, 2020
CVE-2020-6291
The session mechanism in SAP Disclosure Management, version 10.1, does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration.
MEDIUM
CVSS 5.4
Published Jul 14, 2020
CVE-2020-6292
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
MEDIUM
CVSS 4.6
Published Jul 14, 2020